The General Data Protection Regulation (GDPR), which applies starting 25 May 2018, creates consistent data protection rules across Europe. It applies to companies who are based in the EU and global companies who process personal data about individuals in the EU. It is one of the biggest legislative changes made since 1975 and could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. We’re excited to help our customers understand how we are approaching this.
DPO at interworks.cloud
Commitment to the delivery of Personal Data Protection extends to senior level and is demonstrated through the Personal Data Protection Programme and the provision of appropriate resources to establish and develop effective technical and organizational measures to ensure appropriate security for personal data.
We share a top-down approach, outlining the planning and executing phases to structure the approach to a compliance strategy; we define the key considerations for each of the phases, including objectives, participants, inputs, tasks and deliverables.
Top management ensures at all times that a systematic review of the performance of the programme is conducted on a regular basis, addressing whether objectives were met as well as any areas of concern that may require corrective actions.
The DPO, an independent advocate of personal data protection, plays a significant role in this programme, by ensuring compliance, giving advice and recommendations, identifying risks, auditing processes, handling requests and complaints and directing towards continuous improvement.
A risk management approach and process is used which is in line with the requirements and recommendations of the GDPR and relevant international standards such as ISO/IEC 27001, to which interworks.cloud is certified.
Risk management takes place at several levels within the organization, including:
• Assessment of risks to the achievement of our personal data protection objectives
• Regular personal data protection risk assessment within specific operational areas
• Assessment of risk as part of the business change management process
• At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)